From c2073a031c947270dac3f17c7f76e2996cd1b5b1 Mon Sep 17 00:00:00 2001
From: Melissa Greenbaum <69476188+magreenbaum@users.noreply.github.com>
Date: Tue, 14 Oct 2025 06:10:07 -0700
Subject: [PATCH] feat: Support `default_auth_scheme` (#39)
---
 README.md | 5 +++--
 examples/mysql-iam-cluster/README.md | 4 ++--
 examples/mysql-iam-cluster/versions.tf | 2 +-
 examples/mysql-iam-instance/README.md | 4 ++--
 examples/mysql-iam-instance/versions.tf | 2 +-
 examples/postgresql-iam-cluster/README.md | 4 ++--
 examples/postgresql-iam-cluster/main.tf | 2 +-
 examples/postgresql-iam-cluster/versions.tf | 2 +-
 examples/postgresql-iam-instance/README.md | 4 ++--
 examples/postgresql-iam-instance/versions.tf | 2 +-
 main.tf | 1 +
 variables.tf | 6 ++++++
 versions.tf | 2 +-
 wrappers/main.tf | 1 +
 wrappers/versions.tf | 2 +-
 15 files changed, 26 insertions(+), 17 deletions(-)
diff --git a/README.md b/README.md
index 80cb388..a3c4bd8 100644
--- a/README.md
+++ b/README.md
@@ -63,13 +63,13 @@ Examples codified under the [`examples`](https://github.com/terraform-aws-module
 | Name | Version |
 |------|---------|
 | [terraform](#requirement\_terraform) | >= 1.5.7 |
-| [aws](#requirement\_aws) | >= 6.0 |
+| [aws](#requirement\_aws) | >= 6.15 |
 ## Providers
 | Name | Version |
 |------|---------|
-| [aws](#provider\_aws) | >= 6.0 |
+| [aws](#provider\_aws) | >= 6.15 |
 ## Modules
@@ -105,6 +105,7 @@ No modules.
 | [db\_cluster\_identifier](#input\_db\_cluster\_identifier) | DB cluster identifier | `string` | `""` | no |
 | [db\_instance\_identifier](#input\_db\_instance\_identifier) | DB instance identifier | `string` | `""` | no |
 | [debug\_logging](#input\_debug\_logging) | Whether the proxy includes detailed information about SQL statements in its logs | `bool` | `false` | no |
+| [default\_auth\_scheme](#input\_default\_auth\_scheme) | Default authentication scheme that the proxy uses for client connections to the proxy and connections from the proxy to the underlying database. Valid values are NONE and IAM\_AUTH. Defaults to NONE | `string` | `null` | no |
 | [endpoints](#input\_endpoints) | Map of DB proxy endpoints to create and their attributes |
map(object({
name = optional(string)
vpc_subnet_ids = list(string)
vpc_security_group_ids = optional(list(string))
target_role = optional(string)
tags = optional(map(string), {})
}))
| `{}` | no |
 | [engine\_family](#input\_engine\_family) | The kind of database engine that the proxy will connect to. Valid values are `MYSQL` or `POSTGRESQL` | `string` | `""` | no |
 | [iam\_policy\_name](#input\_iam\_policy\_name) | The name of the role policy. If omitted, Terraform will assign a random, unique name | `string` | `""` | no |
diff --git a/examples/mysql-iam-cluster/README.md b/examples/mysql-iam-cluster/README.md
index a3179b0..3811185 100644
--- a/examples/mysql-iam-cluster/README.md
+++ b/examples/mysql-iam-cluster/README.md
@@ -31,13 +31,13 @@ An EC2 instance configuration has been provided for use in validating the exampl
 | Name | Version |
 |------|---------|
 | [terraform](#requirement\_terraform) | >= 1.5.7 |
-| [aws](#requirement\_aws) | >= 6.0 |
+| [aws](#requirement\_aws) | >= 6.15 |
 ## Providers
 | Name | Version |
 |------|---------|
-| [aws](#provider\_aws) | >= 6.0 |
+| [aws](#provider\_aws) | >= 6.15 |
 ## Modules
diff --git a/examples/mysql-iam-cluster/versions.tf b/examples/mysql-iam-cluster/versions.tf
index db13b0a..e1ac31c 100644
--- a/examples/mysql-iam-cluster/versions.tf
+++ b/examples/mysql-iam-cluster/versions.tf
@@ -4,7 +4,7 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 6.0"
+ version = ">= 6.15"
 }
 }
 }
diff --git a/examples/mysql-iam-instance/README.md b/examples/mysql-iam-instance/README.md
index efb56bc..4a699fa 100644
--- a/examples/mysql-iam-instance/README.md
+++ b/examples/mysql-iam-instance/README.md
@@ -31,14 +31,14 @@ An EC2 instance configuration has been provided for use in validating the exampl
 | Name | Version |
 |------|---------|
 | [terraform](#requirement\_terraform) | >= 1.5.7 |
-| [aws](#requirement\_aws) | >= 6.0 |
+| [aws](#requirement\_aws) | >= 6.15 |
 | [random](#requirement\_random) | >= 2.0 |
 ## Providers
 | Name | Version |
 |------|---------|
-| [aws](#provider\_aws) | >= 6.0 |
+| [aws](#provider\_aws) | >= 6.15 |
 | [random](#provider\_random) | >= 2.0 |
 ## Modules
diff --git a/examples/mysql-iam-instance/versions.tf b/examples/mysql-iam-instance/versions.tf
index d2f4f3e..5c467ae 100644
--- a/examples/mysql-iam-instance/versions.tf
+++ b/examples/mysql-iam-instance/versions.tf
@@ -4,7 +4,7 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 6.0"
+ version = ">= 6.15"
 }
 random = {
 source = "hashicorp/random"
diff --git a/examples/postgresql-iam-cluster/README.md b/examples/postgresql-iam-cluster/README.md
index 7fa3f12..29a0cc6 100644
--- a/examples/postgresql-iam-cluster/README.md
+++ b/examples/postgresql-iam-cluster/README.md
@@ -31,13 +31,13 @@ An EC2 instance configuration has been provided for use in validating the exampl
 | Name | Version |
 |------|---------|
 | [terraform](#requirement\_terraform) | >= 1.5.7 |
-| [aws](#requirement\_aws) | >= 6.0 |
+| [aws](#requirement\_aws) | >= 6.15 |
 ## Providers
 | Name | Version |
 |------|---------|
-| [aws](#provider\_aws) | >= 6.0 |
+| [aws](#provider\_aws) | >= 6.15 |
 ## Modules
diff --git a/examples/postgresql-iam-cluster/main.tf b/examples/postgresql-iam-cluster/main.tf
index f858511..38de2ec 100644
--- a/examples/postgresql-iam-cluster/main.tf
+++ b/examples/postgresql-iam-cluster/main.tf
@@ -88,7 +88,7 @@ module "rds" {
 name = local.name
 engine = "aurora-postgresql"
- engine_version = "14.7"
+ engine_version = "17.5"
 master_username = "root"
 # When using RDS Proxy w/ IAM auth - Database must be username/password auth, not IAM
diff --git a/examples/postgresql-iam-cluster/versions.tf b/examples/postgresql-iam-cluster/versions.tf
index db13b0a..e1ac31c 100644
--- a/examples/postgresql-iam-cluster/versions.tf
+++ b/examples/postgresql-iam-cluster/versions.tf
@@ -4,7 +4,7 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 6.0"
+ version = ">= 6.15"
 }
 }
 }
diff --git a/examples/postgresql-iam-instance/README.md b/examples/postgresql-iam-instance/README.md
index be5783d..3cfd16e 100644
--- a/examples/postgresql-iam-instance/README.md
+++ b/examples/postgresql-iam-instance/README.md
@@ -31,14 +31,14 @@ An EC2 instance configuration has been provided for use in validating the exampl
 | Name | Version |
 |------|---------|
 | [terraform](#requirement\_terraform) | >= 1.5.7 |
-| [aws](#requirement\_aws) | >= 6.0 |
+| [aws](#requirement\_aws) | >= 6.15 |
 | [random](#requirement\_random) | >= 2.0 |
 ## Providers
 | Name | Version |
 |------|---------|
-| [aws](#provider\_aws) | >= 6.0 |
+| [aws](#provider\_aws) | >= 6.15 |
 | [random](#provider\_random) | >= 2.0 |
 ## Modules
diff --git a/examples/postgresql-iam-instance/versions.tf b/examples/postgresql-iam-instance/versions.tf
index d2f4f3e..5c467ae 100644
--- a/examples/postgresql-iam-instance/versions.tf
+++ b/examples/postgresql-iam-instance/versions.tf
@@ -4,7 +4,7 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 6.0"
+ version = ">= 6.15"
 }
 random = {
 source = "hashicorp/random"
diff --git a/main.tf b/main.tf
index 0e84fb5..c67247f 100644
--- a/main.tf
+++ b/main.tf
@@ -21,6 +21,7 @@ resource "aws_db_proxy" "this" {
 }
 debug_logging = var.debug_logging
+ default_auth_scheme = var.default_auth_scheme
 engine_family = var.engine_family
 idle_client_timeout = var.idle_client_timeout
 name = var.name
diff --git a/variables.tf b/variables.tf
index e1a1012..321ab20 100644
--- a/variables.tf
+++ b/variables.tf
@@ -49,6 +49,12 @@ variable "debug_logging" {
 default = false
 }
+variable "default_auth_scheme" {
+ description = "Default authentication scheme that the proxy uses for client connections to the proxy and connections from the proxy to the underlying database. Valid values are NONE and IAM_AUTH. Defaults to NONE"
+ type = string
+ default = null
+}
+
 variable "engine_family" {
 description = "The kind of database engine that the proxy will connect to. Valid values are `MYSQL` or `POSTGRESQL`"
 type = string
diff --git a/versions.tf b/versions.tf
index db13b0a..e1ac31c 100644
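Review bot: `default_auth_scheme = var.default_auth_scheme` in `aws_db_proxy.this` arrives without any visible change to the proxy's IAM role policy, and none of the four examples sets it, so the `IAM_AUTH` path is not exercised anywhere in this commit. With `IAM_AUTH` the proxy itself authenticates to the database through IAM, which presumably means its role needs `rds-db:connect` on the target database user on top of whatever secret-access statements it carries today; the policy document is outside this hunk, so please confirm it covers that case or document that callers must attach the statement themselves, scoped to specific `dbuser` ARNs rather than a wildcard. The example comment `# When using RDS Proxy w/ IAM auth - Database must be username/password auth, not IAM` in examples/postgresql-iam-cluster/main.tf also stops being generally true once this argument is `IAM_AUTH`. The resource block begins and ends outside the hunk.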
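Review bot: The description of `variable "default_auth_scheme"` says "Defaults to NONE" while the variable has `default = null`, and it never says what `NONE` means, which on an authentication setting is easy to misread as "no authentication". As I read the RDS API wording, `NONE` means no default scheme, so the per-secret `auth` entries still have to be supplied, and `IAM_AUTH` means end-to-end IAM authentication; I would state that in the description, back-tick the two values as the `engine_family` description does, and phrase the default as "when unset, the provider default `NONE` applies". A `validation` block with the condition `var.default_auth_scheme == null ? true : contains(["NONE", "IAM_AUTH"], var.default_auth_scheme)` would additionally give callers a module-level error, if the provider does not already reject other values at plan time.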
--- a/versions.tf
+++ b/versions.tf
@@ -4,7 +4,7 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 6.0"
+ version = ">= 6.15"
 }
 }
 }
diff --git a/wrappers/main.tf b/wrappers/main.tf
index 2ebf21f..7db046b 100644
--- a/wrappers/main.tf
+++ b/wrappers/main.tf
@@ -15,6 +15,7 @@ module "wrapper" {
 db_cluster_identifier = try(each.value.db_cluster_identifier, var.defaults.db_cluster_identifier, "")
 db_instance_identifier = try(each.value.db_instance_identifier, var.defaults.db_instance_identifier, "")
 debug_logging = try(each.value.debug_logging, var.defaults.debug_logging, false)
+ default_auth_scheme = try(each.value.default_auth_scheme, var.defaults.default_auth_scheme, null)
 endpoints = try(each.value.endpoints, var.defaults.endpoints, {})
 engine_family = try(each.value.engine_family, var.defaults.engine_family, "")
 iam_policy_name = try(each.value.iam_policy_name, var.defaults.iam_policy_name, "")
diff --git a/wrappers/versions.tf b/wrappers/versions.tf
index db13b0a..e1ac31c 100644
--- a/wrappers/versions.tf
+++ b/wrappers/versions.tf
@@ -4,7 +4,7 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 6.0"
+ version = ">= 6.15"
 }
 }
 }